On Thu, Mar 15, 2007 at 02:09:55PM +0000, Ivan Ristic wrote:
> >I have one or two feature requests for Mod. Should I post them to the
> >list or to you in a private message?
>
> The list please.
So here we go. I have two feature requests.
- Separate collections for query string parameters and post payload
arguments.
ARGS is a handy collection, but for a whitelist policy, I want to be
exact and right now I have to do a special hack with every post
parameter to make sure it is not submitted as query string argument
(and vice-versa). Separate collections simplify my rulesets.
- Regex ranges in selection operator
While ARGS:/^uid_\d$/ works as selector ARGS:/^uid_\d{1,5}$/ does not.
In fact I get the following during restart.
Error creating rule: Unknown variable: 5}$/
(ModSecurity 2.1.0)
It would be very cool if this syntax would work.
Otherwise, after two months of remo, I am very much pleased with the
possibilities of the ModSecurity rules language.
regards,
Christian
--
christian.folini@... - http://www.netnea.com
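
The first feature request above, sketched as an added example (not ModSecurity code and not from this thread): a whitelist check that keeps query-string and POST-payload parameters in separate collections, so a parameter is accepted only from its expected source, with names selected by a ranged regex such as ^uid_\d{1,5}$. The policy table, function names and sample requests are hypothetical.

```python
import re
from urllib.parse import parse_qsl

# Hypothetical whitelist: (name pattern, allowed source, value pattern).
POLICY = [
    (re.compile(r"^uid_\d{1,5}$"), "post", re.compile(r"^\d{1,10}$")),
    (re.compile(r"^page$"), "get", re.compile(r"^\d{1,3}$")),
]


def split_args(query_string, body):
    """Return separate (name, value) lists for the query string and the
    urlencoded POST payload instead of one merged ARGS-style collection."""
    get_args = parse_qsl(query_string, keep_blank_values=True)
    post_args = parse_qsl(body, keep_blank_values=True)
    return get_args, post_args


def check(query_string, body):
    """Return a list of violations; an empty list means the request passes."""
    get_args, post_args = split_args(query_string, body)
    violations = []
    for source, args in (("get", get_args), ("post", post_args)):
        for name, value in args:
            # First policy entry whose name pattern covers the whole name.
            rule = next((r for r in POLICY if r[0].fullmatch(name)), None)
            if rule is None:
                violations.append(f"{source}:{name}: not whitelisted")
            elif rule[1] != source:
                violations.append(f"{source}:{name}: only allowed in {rule[1]}")
            elif not rule[2].fullmatch(value):
                violations.append(f"{source}:{name}: bad value")
    return violations


if __name__ == "__main__":
    # Constructed sample requests: (query string, urlencoded POST body).
    samples = [
        ("page=2", "uid_12345=77"),   # each parameter in its own source
        ("uid_12345=77", ""),         # POST-only parameter sent in the URL
        ("page=2", "uid_123456=1"),   # six digits: outside the {1,5} range
    ]
    for qs, body in samples:
        print(repr(qs), repr(body), "->", check(qs, body) or "pass")
```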

Thank you for the answer, I used
<IfModule security2_module>
<Location /upload/archivos>
SecRuleEngine Off
SecAuditEngine Off
</Location>
</IfModule>
And it worked just fine.
(Sorry if the mail starts getting out of office responses, I tried to
unsubscribe but apparently I failed to reply to the confirmation message).
On Friday, March 9, 2007 5:28 PM, wrote:
> Sorry for the delay... A few points -
>
> 1) You need to use <IfModule security2_module> for this to work. The
> syntax you are using now will not match an active DSO name so the Mod
> directives will not be processed.
>
> 2) If you fix item #1, then you will most likely get an error message
> upon startup stating that you are trying to use directives that are not
> from an active module. That is because you are trying to use the older
> 1.X directive name with the 2.X rule syntax. For example, instead of
> using SecFilterEngine, you should use SecRuleEngine. Please refer to
> the online Reference Manual for the proper directive names.
>
> 3) You can use either SecRuleEngine Off or SecRuleInheritance Off within
> the VirtualHost and it should work.
>
> 4) One caveat - these directives will not be able to control Mod rules
> that run in phase:1 as the Apache Scope Directives (VirtualHost,
> Location, etc... ) aren't available yet. This is what is happening in
> your audit log examples as there is a phase:1 rule that is using
> @validateUtf8Encoding.
>
> Hope this helps.